
Security audit

ai-code-stat-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a real code-statistics and commit helper, but it can stage and commit an entire repository with too little file-level review.

Install only if you are comfortable with a skill that can make Git commits. Before using its commit flow, run `git status`, inspect the diff, remove secrets or unrelated files, and prefer changing the script to stage explicit files instead of `git add .`. Use the analysis-only pieces separately if you only need code statistics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
AI代码总行数:{ai}
AI代码占比:{percent}%"""  # tail of the commit message: "Total AI code lines: {ai}" / "AI code share: {percent}%"

    subprocess.run(["git", "add", "."])
    subprocess.run(["git", "commit", "-m", commit_msg])

    return commit_msg
Confidence
95% confidence
Finding
subprocess.run(["git", "add", "."])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
AI代码占比:{percent}%"""  # tail of the commit message: "AI code share: {percent}%"

    subprocess.run(["git", "add", "."])
    subprocess.run(["git", "commit", "-m", commit_msg])

    return commit_msg
Confidence
96% confidence
Finding
subprocess.run(["git", "commit", "-m", commit_msg])

Undeclared file-read and shell capability

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read repository state and execute shell commands such as Git and Python without declaring corresponding permissions. Hidden or undeclared file_read/shell capability increases the chance of unexpected command execution and weakens user/admin ability to review what the skill can actually do.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The code uses broad exception handlers that silently suppress failures during file reading and git inspection, while the specification claims errors should be surfaced. This can hide parsing failures or repository issues and still produce misleading statistics or proceed toward commit generation, undermining integrity of the audit trail the skill is meant to enforce.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill directly stages and commits repository changes through subprocesses, which gives it the ability to modify project history and package up arbitrary local changes without an explicit safety barrier. In the context of a code-statistics/commit-formatting skill, this increases danger because users may reasonably expect reporting or formatting behavior, not automatic write actions against their repository.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs automatic submission and the implementation stages all files with `git add .` and commits them after a simple prompt flow, without clearly warning the user that every current change in the repository will be included. In an agent context, this is dangerous because it can cause unintended persistence of sensitive files, unrelated edits, secrets, or partially reviewed code into version history.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger for entering commit flow is broad ('提交代码', "commit the code", or similar semantics), which can cause the agent to initiate a repository-changing workflow from ambiguous natural-language input. In a skill that later performs stats, reads Git config, and commits changes, loose activation increases the risk of unintended destructive or persistent actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs execution of repository-changing commands, including commit creation, without requiring an explicit warning or confirmation about side effects. This is dangerous because committing modifies project history and can persist unintended content or metadata based on casual user input.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code performs `git add` and `git commit` with no user-facing warning, confirmation, or preview of what will be committed. In an agent setting this is a real safety weakness because users may trigger irreversible repository changes unintentionally, including committing secrets, generated artifacts, or unrelated work in progress.
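The findings above all stem from one code path: build a message, `git add .`, `git commit -m`, with failures swallowed and no preview or confirmation. The helper below is an added example written for this audit page, not the skill's own code, showing what the Overview's advice looks like when applied to that path: stage an explicit list of paths (never `.`), refuse paths that look like secrets or build artifacts, show the staged diff, ask before committing, and let git errors propagate with `check=True`. The deny-list globs, the `dry_run` plumbing and the sample file list are assumptions for the example.

```python
"""Hardened stand-in for the audited skill's `git add . && git commit` flow.

Added example, not the skill's own code. Assumed for illustration:
DENY_GLOBS, the dry_run switch, and the sample paths in __main__.
"""
import fnmatch
import posixpath
import subprocess
from typing import Callable, Iterable, Optional

# Assumed deny-list; tune per repository. Each glob is matched against the
# repo-relative path and against the basename, so ".env" catches "config/.env".
DENY_GLOBS = (
    ".env", ".env.*", "*.pem", "*.key", "*.p12", "id_rsa*",
    "*.log", "node_modules/*", "__pycache__/*", "*.pyc",
)


def is_denied(path: str) -> bool:
    """True if the path matches a deny-list glob and must never be auto-staged."""
    norm = path.replace("\\", "/")
    if norm.startswith("./"):
        norm = norm[2:]
    base = posixpath.basename(norm)
    return any(fnmatch.fnmatch(norm, g) or fnmatch.fnmatch(base, g) for g in DENY_GLOBS)


def plan_stage(paths: Iterable[str]) -> tuple[list[str], list[str]]:
    """Split requested paths into (allowed, rejected) without touching git."""
    allowed: list[str] = []
    rejected: list[str] = []
    for p in paths:
        (rejected if is_denied(p) else allowed).append(p)
    return allowed, rejected


def git(cmd: list[str], dry_run: bool) -> Optional[subprocess.CompletedProcess]:
    """Run one git command. check=True raises on failure instead of hiding it."""
    if dry_run:
        print("[dry-run]", " ".join(cmd))
        return None
    return subprocess.run(cmd, check=True, text=True)


def safe_commit(
    paths: Iterable[str],
    commit_msg: str,
    confirm: Callable[[str], str] = input,
    dry_run: bool = False,
) -> Optional[str]:
    """Stage explicit paths, preview, confirm, commit. Returns the message or None."""
    allowed, rejected = plan_stage(list(paths))
    for p in rejected:
        print(f"refusing to stage {p!r}: matches deny-list")
    if not allowed:
        raise ValueError("no stageable paths; nothing committed")
    git(["git", "add", "--", *allowed], dry_run)          # explicit paths, never '.'
    git(["git", "diff", "--cached", "--stat"], dry_run)   # show exactly what will be committed
    if confirm("Commit the staged files above? [y/N] ").strip().lower() != "y":
        git(["git", "reset", "--", *allowed], dry_run)    # unstage on decline
        return None
    git(["git", "commit", "-m", commit_msg], dry_run)
    return commit_msg


if __name__ == "__main__":
    # Constructed sample input: two source files plus a secret the user forgot to exclude.
    result = safe_commit(
        ["src/stats.py", "README.md", ".env"],
        "stats: AI code lines 120 (40%)",
        confirm=lambda _prompt: "y",
        dry_run=True,
    )
    print("committed:", result)
```

Run the block as a script to see the dry-run plan: `.env` is rejected, the two source files are staged explicitly, the cached diff is previewed, and only then does the commit run. Dropping `dry_run=True` executes the same sequence against the real repository, and any non-zero git exit raises `CalledProcessError` rather than being suppressed by a bare `except`.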

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean.

Static analysis

No suspicious patterns detected.